Open Source and information security mailing list archives
 
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: /bin/rm file access vulnerability

J.A. Terranson wrote:

>When you feed trolls, they grow :-)

Hey - I'm preplanning for Thanksgiving!

>>Seriously, we seem to be getting more crap like this.  Are people just
>>bored?
>
>I'm bored :-)
>
>	mx1# touch killme
>	mx1# chmod 0 killme
>	mx1# ls -al killme
>	----------  1 root  wheel  0 Dec 30 20:39 killme
>	mx1# rm killme
>	mx1# ls -al killme
>	ls: killme: No such file or directory
>	mx1#
>
>At least here s/he/it could have tried to wrap the old "should anyone be
>allowed to do this" trap around someone's ankles.  But the one below is
>just beyond lame - it's a troll with a neon sign attached flashing "FEED
>ME!"
>

Agreed - or, at least, wrapped some humor in there other than a simple 
perl script.  Heh.

Something like a headline "UnCHEckED DefaceMENT in UID0 in *ALL* UnIx 
KernELS!" would have sufficed.

                -Barry


